{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1580", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "state": "PUBLISHED", "assignerShortName": "kubernetes", "dateReserved": "2026-01-29T00:06:06.902Z", "datePublished": "2026-02-03T22:16:47.223Z", "dateUpdated": "2026-02-26T15:04:22.416Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "ingress-nginx", "repo": "https://github.com/kubernetes/ingress-nginx", "vendor": "Kubernetes", "versions": [{"lessThan": "1.13.7", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "1.14.3", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2026-02-02T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"}], "value": "A security issue was discovered in ingress-nginx\u00a0where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"}], "impacts": [{"capecId": "CAPEC-176", "descriptions": [{"lang": "en", "value": "CAPEC-176 Configuration/Environment Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2026-02-18T17:29:08.318Z"}, "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/136677"}], "credits": [{"lang": "en", "value": "Volcengine Security Team", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "title": "ingress-nginx auth-method nginx configuration injection", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1580", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-05T04:55:13.138319Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:04:22.416Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1580", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-05T04:55:13.138319Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-04T14:41:11.540Z"}}], "cna": {"title": "ingress-nginx auth-method nginx configuration injection", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Volcengine Security Team"}], "impacts": [{"capecId": "CAPEC-176", "descriptions": [{"lang": "en", "value": "CAPEC-176 Configuration/Environment Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/kubernetes/ingress-nginx", "vendor": "Kubernetes", "product": "ingress-nginx", "versions": [{"status": "affected", "version": "0", "lessThan": "1.13.7", "versionType": "semver"}, {"status": "affected", "version": "0", "lessThan": "1.14.3", "versionType": "semver"}], "defaultStatus": "affected"}], "datePublic": "2026-02-02T14:00:00.000Z", "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/136677"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A security issue was discovered in ingress-nginx\u00a0where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", "supportingMedia": [{"type": "text/html", "value": "A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2026-02-18T17:29:08.318Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1580", "state": "PUBLISHED", "dateUpdated": "2026-02-26T15:04:22.416Z", "dateReserved": "2026-01-29T00:06:06.902Z", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "datePublished": "2026-02-03T22:16:47.223Z", "assignerShortName": "kubernetes"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security issue was discovered in ingress-nginx\u00a0where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de seguridad en ingress-nginx donde la anotaci\u00f3n de Ingress 'nginx.ingress.kubernetes.io/auth-method' puede ser utilizada para inyectar configuraci\u00f3n en nginx. Esto puede llevar a la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del controlador ingress-nginx, y a la divulgaci\u00f3n de Secrets accesibles para el controlador. (Tenga en cuenta que, en la instalaci\u00f3n predeterminada, el controlador puede acceder a todos los Secrets en todo el cl\u00faster)."}], "id": "CVE-2026-1580", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "jordan@liggitt.net", "type": "Secondary"}]}, "published": "2026-02-03T23:16:06.290", "references": [{"source": "jordan@liggitt.net", "url": "https://github.com/kubernetes/kubernetes/issues/136677"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "jordan@liggitt.net", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-17T23:59:44.617629+00:00", "value": {"mitigation_remediation": ["Apply the latest ingress-nginx controller patch or upgrade to a version that fixes the auth-method injection flaw.", "Restrict the controller\u2019s service account to only the namespaces necessary for operation, preventing cluster\u2011wide secret access.\n", "Enable admission control or implement an OpenAPI validation webhook to reject or sanitize the nginx.ingress.kubernetes.io/auth-method annotation in Ingress objects."], "summary": {"action": "Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "All installations of the Kubernetes ingress-nginx controller are affected, regardless of the specific version; any cluster running the controller can be targeted through the auth-method annotation on Ingress resources. No specific version range is listed, indicating that the default configuration remains vulnerable across releases that have not applied a fix. The vulnerability applies to the controller pod, which typically has cluster\u2011wide read access to Secrets.", "description_and_impact": "Ingress-nginx allows the nginx.ingress.kubernetes.io/auth-method annotation to inject arbitrary configuration into the embedded nginx server. This flaw is an input-validation weakness that can lead to unrestricted execution of attacker-controlled directives, potentially executing code within the ingress-nginx controller process. The vulnerability additionally exposes controller\u2011accessible secrets, giving an attacker the ability to read cluster\u2011wide secrets. The primary impact is therefore execution of code in the controller\u2019s context and compromise of sensitive data.", "risk_and_exploitability": "The CVSS score of 8.8 classifies the issue as high severity, but the EPSS figure of less than 1% suggests a very low probability of exploitation at present. The flaw is not listed in CISA\u2019s KEV catalog. Exploitation requires the attacker to create or update an Ingress resource with a malicious auth-method value, and the controller must run with permissions that allow it to read Secrets. If those conditions are satisfied, the attacker can inject configuration that executes arbitrary code and leaks secrets."}}}}, "created": "2026-02-04T12:06:03.638666+00:00", "updated": "2026-04-18T00:00:09.501122+00:00", "vendors": ["kubernetes", "kubernetes$PRODUCT$ingress-nginx"]}